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DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 15 December 2005 has been entered. 

2. Claims 1-37 have been presented for examination. 

Response to Arguments 

3. Applicant's arguments filed 15 December 2005 have been fully considered but they are 
not persuasive. 

4. In response to the Applicant's argument that the web application is located at the seller's 
web site, the Examiner disagrees. As cited below, column 5, lines 11-31 disclose the merchant's 
web server to return specific MIME data to the purchaser's web browser. Also disclosed in the 
cited section is block 1 16 of figure 1, which is the merchant charge system interface and is 
further discussed in column 7, line 37 to column 9, line 22. 

5. Therefore, the Examiner holds that Cook discloses a web application coupled to the web 
server and also located at the seller's web site. 

6. In response to the Applicant's arguments that none of the cited references disclose HTTP 
or HTTP requests, the Examiner respectfully disagrees. The Cook, Linehan, and Tozzoli 
references are all related in their disclosures of electronic commerce, hereinafter e-commerce, or 
Internet transactions. Newton's Telecom Dictionary defines HTTP as the standard way of 
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transferring information across the Internet and the World Wide Web. It [HTTP] supports a 
variety of media and file formats across a variety of platforms. HTTP is the actual protocol used 
by the Web server and the client browser to communicate over the "wire." In short, [HTTP is] 
the protocol for moving documents around the Internet. 

7. Since all the cited reference disclose the use of the Internet or the World Wide Web, all 
the reference are believed to incorporate HTTP and HTTP requests. 

8. In response to the Applicant's arguments response that the web application does not 
identify when the services of another other than the seller, the Examiner disagrees. The 
merchant's interface can access the services of payment system or the authorization center as 
illustrated by figures 1 and 3, as well as columns 1 1 and 12. 

9. In response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

10. As per the Applicant's arguments regarding the Examiner's motivation for using ISAPI 
and an abstracted front-end because it is known in the art that it is an easy-to-use, high 
performance interface for back-end applicants and has significant performance advantages over 
the CGI specification, such as having is own dynamic link library. The Examiner found the 
motivation for the 103 rejection of both claims from Microsoft Computer Dictionary, 5 th 
Edition, on page 290. 

1 1 . See further rejections that follow. 
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Claim Rejections - 35 USC § 101 

12. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

13. As per claims 1-36, merely claimed as a computer program representing a computer 
listing per se, that is, descriptions or expressions of such a program and that is, descriptive 
material per se 9 non-functional descriptive material, and is not statutory because it is not a 
physical "thing" nor a statutory process, as there are not "acts" being performed. Such claimed 
computer programs do not define any structural and functional interrelationships between the 
computer program and other claimed aspects of the invention which permit the computer 
program's functionality to be realized. Since a computer program is merely a set of instructions 
capable of being executed by a computer, the program itself is not a process, without the 
computer-readable medium needed to realize the computer program's functionality. In contrast, 
a claimed computer-readable medium encoded with a computer program defines structural and 
functional interrelationships between the computer program and the medium which permit the 
computer program's functionality to be realized, and is thus statutory. Warmerdam, 33 F.3d at 
1361, 31 USPQ2d at 1760. In re Sarkar, 588 F.2d 1330, 1333, 200 USPQ 132, 137 (CCPA 
1978). See MPEP § 2106(IV)(B)(l)(a). 

14. As per claims 1-36, the Applicant claims integrating a seller's web site with a public key 
infrastructure, wherein the public key infrastructure comprises a buyer computer having a Web 
browser adapted to invoke a signing interface to digitally sign electronic messages, which is an 
Applet as disclosed on page 8 of the Spec. The claim proceeds to claim a seller's bank computer 
system adapted to receive service requests from the seller and to respond to those requests and 
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the seller's Web site comprises a filter adapted to redirect HTTP requests received from the Web 
browser, wherein the filter is implemented using Microsoft Internet Server Application 
Programming Interface according to page 10 of the specification. Sample code for implementing 
the filter is shown in figure 4. The next limitation discloses coupled to the filter, an Internet 
server application adapted to receive a redirected HTTP request from the filter and to process the 
redirected HTTP requests, which is disclosed as a servlet or defined as a Internet server 
application on page 10 of the specification, and is further elaborated upon on pages 11-14 and 
Figure 5. Finally, the Applicant claims coupled to the Internet server application, a filter engine 
adapted to receive the processed HTTP request and to identify an HTTP request that contains 
data requiring a digital signature by the buyer computer, which is defined as a public class object 
that extends java.lang.Object on pages 15-16. 

Claim Rejections - 35 USC § 112 

15. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

16. Claims 1-16, 23-25, 28, 29, and 31-34 are rejected under 35 U.S.C. 112, second 
paragraph, as being incomplete for omitting essential structural cooperative relationships of 
elements, such omission amounting to a gap between the necessary structural connections. See 
MPEP § 2172.01. The omitted structural cooperative relationships are: the filter, the Internet 
server application and the filter engine. The Applicant discloses an apparatus, but fails to 
provide any tangible embodiments of the filter, the Internet server application, and the filter 
engine. 
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Claim Rejections 

17. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

1 8. Claim 37 is rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent No. 
6,675,153 to Cook et al., hereinafter Cook. 

1 9. As per claim 37, Cook teaches an apparatus for integrating a seller's Web site with a 
public key infrastructure, said apparatus comprising: 

a Web server located at the seller's Web site, see figures 1, blocks 106, 108, 3, blocks 
106, 108, see also column 4, lines 42-46, column 5, lines 11-31; 

a Web application coupled to the Web server and also located at the seller's Web site, the 
Web application adapted to: 

identify those HTTP requests from a buyer that include data requiring a digital signature 
of the buyer, see figures 1, block 1 16, 2, blocks 114, 118, see column 1, line 62 to column 2, line 
6, column 5, lines 11-31, column 6, lines 17-28, column 7, line 37 to column 9, line 22; 

create a Web page for transmission to a browser controlled by the buyer that will cause 
the browser to invoke a signing interface to digitally sign the data, see figures 1, block 1 16, 2, 
blocks 1 14, 1 18, see column 1, line 62 to column 2, line 6, column 5, lines 11-31, column 6, 
lines 17-28, column 7, line 37 to column 9, line 22; and 

identify HTTP requests that require a service provided by an entity other than the seller, 
see figures 1, blocks 102, 104, 3, blocks 102, 104, as well as column 11, line 60 to column 12, 
line 40; and 
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coupled to the Web application and also located at the seller's Web site, an interface 
module adapted to receive a request for service from the Web application, format and transmit 
the request, receive a response to the request, and forward the response to the Web application, 
see figure 1, blocks 102, 104, 3 blocks 102, 104, as well as column 4, lines 56-64, column 9, line 
23 to column 10, line 8. 

20. Claims 1- 3, 5-9, 20, 21, 23-25, 28, 29, and 31-34 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over SET as taught by U.S. Patent No. 6,327,578 to Linehan, hereinafter 
referred to as SET, in view of U.S. Patent No. 5,717,989 to Tozzoli et al., hereinafter Tozzoli. 

21. As per claim 1 , SET teaches an apparatus for integrating a seller's Web site with a public 
key infrastructure, wherein: 

the public key infrastructure comprises a buyer computer having a Web browser adapted 
to invoke a signing interface to digitally sign electronic messages and a seller's bank computer 
system adapted to receive service requests from the seller and respond to those requests with 
digitally signed service responses comprising, see figure 1, see also column 3, lines 15-23, i.e. 
while on the internet, "the merchant's computer 104 forwards the consumer's payment request 
over internet path 122 during a second step to an acquirer gateway 106 operating on behalf of the 
acquirer bank 108"; the seller's Web site comprises: 

redirecting HTTP requests received from the Web browser, see figure 1, see also column 
3, lines 15-23, i.e. while on the internet, "the merchant's computer 104 forwards the consumer's 
payment request over internet path 122 during a second step to an acquirer gateway 106 
operating on behalf of the acquirer bank 108"; 
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coupled to the filter, an Internet server application adapted to receive a redirected HTTP 
request and process the redirected HTTP request, see figure 1, see also column 3, lines 23-32, i.e. 
"The acquirer gateway 106 passes the consumer's payment request to the acquirer bank 108 over 
a private network path 122'. The acquirer bank 108 sends the consumer's payment request to the 
card issuing bank 112 over the private network path 124 to check whether the consumer's credit 
or debit card account is active and sufficient for the proposed transaction with the merchant. The 
issuing bank 112, as the card issuer, authorizes the transaction in a message sent over the private 
path 126 to the acquiring bank 108. The acquiring bank 108 sends the transaction authorization 
over private path 128' to the acquirer gateway 106 5 signing the message with the acquiring 
bank's digital signature"; 

coupled to the Internet server application, a filter engine adapted to receive the processed 
HTTP request and to identify an HTTP request that contains data requiring a digital signature by 
the buyer computer, see figure 1 and column 3, lines 32-39, i.e. "The acquirer gateway 106 
forwards it over the internet path 128 to the merchant, authorizing from the merchant to proceed 
with the transaction. Once the merchant has received the transaction authorization from the 
acquirer gateway 106, the merchant completes the sales transaction with the consumer." 

22. SET does not disclose the use of a filter or filter engine. 

23. Tozzoli discusses the use of filtering when processing transactions over the Internet. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
include filtering, since Tozzoli discloses in column 11, lines 52-57 that such a modification 
allows the merchant to verify and access data fields quickly and process the order accurately. 
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24. Regarding claim 2, SET discloses a bank interface adapted to receive the request and 
transmitting the request to the seller's bank in figure 1, blocks 106, 122', and 142', as well as 
column 3, lines 13-47. 

25. Tozzoli discloses the filter engine and reformatting the request in figures 3a-3c, column 
7, line 42 to column 8, line 3, column 11, lines 52-58, and column 12, line 64 to column 13, line 
4. 

26. With regards to claim 3, SET teaches wherein the bank interface is further adapted to 
receive a service response to the request from the seller's bank and forward the response to the 
filter engine, see figure 1, as well as column 3, lines 13-47. 

27. Regarding claim 5, Tozzoli teaches a Web server adapted to parse requests redirected by 
the filter, see figure 5, as well as column 7, line 53 to column 8, line 12. 

28. Regarding claim 6, SET teaches wherein services provided by the seller's bank are 
provided within the context of a four-corner model, see figure 1 . 

29. With regards to claim 7, SET teaches wherein the four-corner model comprises the buyer, 
the seller, the seller's bank, and a buyer's bank, see figure 1, where the buyer is the consumer, 
block 102, the seller is the merchant, block 104, the seller's bank is the acquiring bank, block 
108, and the buyer's bank is the issuing bank, block 1 12. 
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30. Regarding claim 8, neither SET nor Tozzoli disclose wherein the filter is implemented 
using ISAPI. 

31. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to implement the filter using ISAPI, since it has been held that ISAPI is an easy-to- 
use, high performance interface for back-end applications and has significant performance 
advantages over the CGI specification, such as having its own dynamic-link library. 

32. Regarding claim 9, SET teaches wherein the Internet service application is adapted to 
generate HTTP responses based on data received from the filter engine, see column 3, lines 13- 
47. 

33. Regarding claim 23, Tozzoli and SET do not teach wherein the filter engine determines 
whether an HTTP request contains data requiring signature by applying filtering rules. 

34. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine determine if the data required a signature, since SET discloses 
at column 3, lines 32-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

35. Regarding claim 24, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize each HTTP request that includes data requiring signature. 

36. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize that the data has a digital signature, since SET 
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discloses at column 3, lines 32-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

37. Regarding claim 25, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize HTTP requests transmitted by the Web browser that have been 
modified to include a special tag that indicates whether the request includes data that requires 
signature. 

38. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize special tags that indicate the request for a digital 
signature, since SET discloses at column 3, lines 32-47 that such a modification would ensure 
that the transaction was authorized by the appropriate user. 

39. Regarding claim 28, neither SET nor Tozzoli teach wherein the filter engine provides an 
abstracted front-end interface via java remote method invocation. 

40. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for linking to back-end 
applications. 

41 . Regarding claim 29, Tozzoli teaches wherein the filter engine employs a rules class, see 
column 1 1, line 52 to column 12, line 1 1 . 
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42. Regarding claim 3 1 , neither SET nor Tozzoli teach wherein the bank interface is 
designed with a plug-in based architecture. 

43. Linehan discloses wherein the bank interface is designed with a plug-in based 
architecture. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to design the bank interface with a plug-in based architecture, since Linehan 
discloses at column 9, lines 3-28 that such a modification would allow the bank to operate with 
foreign consumers. 

44. Regarding claim 32, SET and Tozzoli do not teach wherein the bank interface supports 
an abstract front-end interface to allow communication via a plurality of middleware 
technologies. 

45. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for interacting with 
middleware from a plurality of vendors. 

46. Regarding claim 33, SET teaches wherein the bank interface is adapted to create and 
transmit OCSP requests, see column 3, lines 25-47. 

47. Regarding claim 34, SET teaches wherein the bank interface comprises a certificate 
status check module, see column 3, lines 25-47. 
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48. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over SET in view of 
Tozzoli as applied to claim 2 above, and further in view of Linehan. 

49. With regards to claim 4, SET does not disclose wherein the service is certificate 
validation. 

50. Linehan discloses certificate validation. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to include certificate validation, since Linehan 
states at column 4, lines 23-44 that such a modification would serve to validate that the payment 
was authorized by the card holder. 

51. Claims 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 1 above, and further in view of U.S. Patent No. 6,052,785 to 
Lin et al., hereinafter Lin. 

52. Regarding claim 10, neither SET nor Tozzoli disclose wherein the Internet server 
application is adapted to pass a hash table to the filter engine. 

53. Lin teaches wherein the Internet server application is adapted to pass a hash table to the 
filter engine. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have the server application pass a hash table to the filter engine, since Lin 
discloses at column 8, lines 43-56 that such a modification supports authentication, which is 
necessary to prevent fraudulent transactions. 

54. With regards to claim 1 1 , Lin teaches wherein the hash table comprises the headers from 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 
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55. With regards to claim 12, Lin teaches wherein the hash table comprises the method of the 
redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

56. With regards to claim 13, Lin teaches wherein the hash table comprises the content-type 
of the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

57. With regards to claim 14, Lin teaches wherein the hash table comprises the buyer 
computer's IP address, see figure 3, as well as column 8, line 51 to column 9, line 17. 

58. With regards to claim 1 5, Lin teaches wherein the hash table comprises the actual data in 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

59. With regards to claim 16, Lin teaches wherein the hash table comprises a unique session 
ID, see figure 3, as well as column 8, line 51 to column 9, line 17. 

Conclusion 

60. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

61 . If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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62. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christian LaForgia 

Patent Examiner CHRISTOPHER REVAK 

Art Unit 2131 PRIMARY EXAMINER 




